URL: | http://lantchinas.com/hotoffice/index.php |
Full analysis: | https://app.any.run/tasks/7106e252-ad5c-46c5-af5f-4e2f65c7cc33 |
Verdict: | Malicious activity |
Analysis date: | January 22, 2019, 15:59:17 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MD5: | F0A583BF083BFEC10B635D0F04C4C473 |
SHA1: | F99A2AFF483B26DCCCB1E0C4892B8CD0670001DC |
SHA256: | 383308E949466F1C6A578045B6D202CF96121AE7C1764C172E3BFC470519F4DA |
SSDEEP: | 3:N1KSElr+KNKiDMXbB4hHn:CSyaNiQXbQHn |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2992 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3284 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2992 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2992 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2992 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3284 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019012220190123\index.dat | dat | |
MD5:7052DDAC5AA87F924CAC4A321158C3BF | SHA256:3E2658897835B747369E3A954CDF27DEF1C8ED5A9C85091CE502642EF5DDC6A7 | |||
3284 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\0-small[1].jpg | image | |
MD5:12F4B8B543125CC986C79CD85320812F | SHA256:C13DB279143E1845EE4AAEE5AFEDC5BD75E9F7D50024B63883B45332C4960B3B | |||
3284 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\converged.login.min[1].css | text | |
MD5:041294F2364BA96D1008AFF40415ADA5 | SHA256:4F962EC8AE085492D496FCBBD74185AB1C8E377438DBCB5EC4F8517B7BD9293F | |||
3284 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\picker_account_aad[1].svg | image | |
MD5:9DE70D1C5191D1852A0D5AAC28B44A6C | SHA256:5D3357BD875B7335ACE42E8EE3A64578E4253BED1A4E279109DE403EEDAE3A69 | |||
2992 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon_a[1].ico | image | |
MD5:12E3DAC858061D088023B2BD48E2FA96 | SHA256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21 | |||
2992 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019012220190123\index.dat | dat | |
MD5:DEF50666046DCCB6F2B34F51C783D017 | SHA256:2DBC75A76806E40BA4EA5624FF809D59005DE547E97BD5F18F2D460AE8AD4BEF | |||
2992 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png | image | |
MD5:9FB559A691078558E77D6848202F6541 | SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 | |||
3284 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\microsoft_logo[1].svg | image | |
MD5:EE5C8D9FB6248C938FD0DC19370E90BD | SHA256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3284 | iexplore.exe | GET | 200 | 23.95.214.246:80 | http://lantchinas.com/hotoffice/cmd-login=727b219497204cedb818ed9a818cee8b/files/converged.login.min.css | US | text | 84.4 Kb | malicious |
3284 | iexplore.exe | GET | 404 | 23.95.214.246:80 | http://lantchinas.com/hotoffice/cmd-login=727b219497204cedb818ed9a818cee8b/files/convergedlogin_pcore.min.js | US | html | 403 b | malicious |
3284 | iexplore.exe | GET | 200 | 23.95.214.246:80 | http://lantchinas.com/hotoffice/cmd-login=727b219497204cedb818ed9a818cee8b/lfs5vrpbuvfwas7m4tm0rhn0.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4 | US | html | 23.8 Kb | malicious |
3284 | iexplore.exe | GET | 404 | 23.95.214.246:80 | http://lantchinas.com/hotoffice/cmd-login=727b219497204cedb818ed9a818cee8b/files/convergedloginpaginatedstrings-en-gb.min.js | US | html | 419 b | malicious |
3284 | iexplore.exe | GET | 200 | 23.95.214.246:80 | http://lantchinas.com/hotoffice/cmd-login=727b219497204cedb818ed9a818cee8b/files/picker_account_aad.svg?x=9de70d1c5191d1852a0d5aac28b44a6c | US | image | 756 b | malicious |
3284 | iexplore.exe | GET | 302 | 23.95.214.246:80 | http://lantchinas.com/hotoffice/index.php | US | binary | 1 b | malicious |
3284 | iexplore.exe | GET | 200 | 23.95.214.246:80 | http://lantchinas.com/hotoffice/cmd-login=727b219497204cedb818ed9a818cee8b/files/0-small.jpg?x=12f4b8b543125cc986c79cd85320812f | US | image | 1.00 Kb | malicious |
2992 | iexplore.exe | GET | 200 | 23.95.214.246:80 | http://lantchinas.com/hotoffice/cmd-login=727b219497204cedb818ed9a818cee8b/files/favicon_a.ico | US | image | 16.7 Kb | malicious |
3284 | iexplore.exe | GET | 302 | 23.95.214.246:80 | http://lantchinas.com/hotoffice/cmd-login=727b219497204cedb818ed9a818cee8b/?reff=MzQxYmY0ZTE2Y2E4NzJlMjQxMzljOTI0NzhhMTAzZTU= | US | binary | 1 b | malicious |
2992 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2992 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3284 | iexplore.exe | 23.95.214.246:80 | lantchinas.com | ColoCrossing | US | malicious |
2992 | iexplore.exe | 23.95.214.246:80 | lantchinas.com | ColoCrossing | US | malicious |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
lantchinas.com |
| malicious |
PID | Process | Class | Message |
---|---|---|---|
3284 | iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] Adobe PDF Phishing Landing |
3284 | iexplore.exe | Potentially Bad Traffic | ET CURRENT_EVENTS Microsoft Ajax Phishing Landing 2018-08-07 |